Netgate Discussion Forum

    Port Mirroring in 2.1

      Apocrathia

      This is the only post that I've found on this topic.
      http://forum.pfsense.org/index.php/topic,38911.msg200538.html

      I'm currently running pfSense on a little alix2d13 (http://www.pcengines.ch/alix2d13.htm) and it's by far the best little piece of hardware that I've found to run pfSense on a home network (besides a VM, but that's a level of complexity that I don't want to worry with right now). I've got it sitting in between my cable modem and main switch, but there's an extra port on the device that I'm not using. Now, I'm a huge fan of Snort and I know that the package is available on pfSense, but that box is just not powerful enough to handle everything. I'd like to use the extra port as a mirror of the WAN, and attach it to a separate machine altogether running Snort.

      I understand that I can go into the shell and create the vif to do this, but is this something we can do from the webui now?

        stephenw10 Netgate Administrator

        Hmm, good question. It's certainly now possible to add a span port to the bridge as JimP described in that thread, but I'm unsure as to how configurable that is. It doesn't look like you can choose which ports are span ports from the webgui; it's a checkbox that looks like it applies to everything. In your case that doesn't matter, since you only have the one additional port and you want that to be a span port. Try it and see.

        Steve

        Edit: Just realised upon further investigation that what I wrote above is wrong. You can select which interface is the span port from the drop down. However, since it can't be one of the bridge members, that means you only have one member on the bridge. Also, I don't think you can bring up an interface in monitor mode from the webgui.

          joelmale

          Sorry to pile on, but I'm looking at the same problem.
          I want a SPAN port, mirrored off my DMZ port, but I am unable to create the SPAN because it won't let me bridge a single port (DMZ). Is there a better way to accomplish this?

          I'm thinking I might tinker with the vSwitch and this pfsense is running on ESXi, but I would like to understand how/if pfsense can SPAN a single port, not a bridge. Thanks.
